UKFast’s Security & Compliance Director, Stephen Crow, warns that supply chain cyber security is the key battleground for hackers and that attacks are just going to get worse.
Such attacks are behind several high-profile incidents in recent years, and are only set to increase in number over the coming months and years. In fact,
If you’re concerned about the impact on your business, here’s a quick overview of what you need to know.
A supply chain attack is designed to damage one or multiple organisations by infiltrating a less secure link in the supply chain. Common examples include targeting software or website hosting platforms that are used by multiple organisations.
These attacks are becoming increasingly common because they allow malicious actors to target multiple organisations with the same action.
An estimated 62% of supply chain attacks use malware, and 66% focus on infiltrating the suppliers’ code, with a view to infiltrating your customers’ networks. There are several common ways attackers do this:
In recent years, several high-profile cyber attacks have been traced back to organisations’ supply chain providers. Here are two of the most common examples:
Supply chain attacks are successful and popular because even prominent, well-established organisations are only as secure as the weakest link in their supply chain. So how do you stay protected?
There are several important steps you can take to protect your organisation from supply chain related attacks.
Use contractual clauses to govern security
When selecting and assessing supply chain partners, it’s important to make cybersecurity a vital prerequisite of doing business. You can do that by requiring:
Enforcing these clauses will mean your suppliers and partners will be contractually bound to protect you from supply chain related attacks.
Working with a third-party provider always comes with some level of risk. While it’s impossible to eliminate that risk completely, you can reduce it as far as possible. So how do you do that? Our NEMYSIS Protocol has been a successful approach for many customers.
A key way of reducing risk is to avoid giving access to people who don’t need it. By granting the least amount of access necessary, it’s much easier to ensure the security of those suppliers who do need access.
It’s not enough to require your suppliers to be secure – you need to monitor their software activity. Pay attention to network activity, behavioural analysis and any advanced persistent threats (APTs) that are relevant to your industry.
Effective security isn’t something you do just once – it needs to be constantly monitored. When working with suppliers, require regular cyber security reviews to monitor their performance and proactively identify any potential risk.
It’s also important to make sure you have a backup plan if your suppliers are found not to be properly secure. Make sure you have an effective system to remove suppliers, and that your supplier contracts can enforce these policies.
Every supplier you work with should have its own risk vs. value analysis, weighing up the benefits of using the supplier against the risk to your data. Regularly comparing and assessing this risk will enable you to identify when risky suppliers aren’t worth the relationship.
As well as this, it’s also important to enforce regular and open collaboration on cybersecurity with supply chain partners. You can do this by:
Through an ongoing collaboration between you and your supply chain partners, you’ll be able to easily and proactively identify when potential vulnerabilities occur. This gives you the peace of mind that your business is safe from any supply chain related attacks or vulnerabilities.
Whether it’s scanning your own environment for vulnerabilities or working with supply chain partners – staying secure is more important today than it ever has been. With cyber attacks of all types on the rise, the time is now to make sure you’re protected.
If you want to find out more about supply chain attacks or any other kind of security breach, get in touch with our team today.